Tor Network
The Tor Network routes internet traffic through multiple encrypted relays to anonymize the user's identity and location. It is used for privacy but also abused for malicious activities.
What Is the Tor Network?
Tor (The Onion Router) is a decentralized network of volunteer-operated relays that anonymizes internet traffic by encrypting it in multiple layers and bouncing it through at least three relays before it reaches its destination. Each relay only knows the identity of the relay before it and the relay after it, so no single node can trace the full path from the user to the destination server.
How Tor Routing Works
When a Tor user connects to a website, the Tor client selects a random circuit of three relays: an entry guard, a middle relay, and an exit node. The traffic is encrypted in three layers. Each relay peels off one layer of encryption and forwards the data to the next relay. The exit node removes the last layer and makes the final request to the destination, so that request is no longer protected by Tor's encryption, only by whatever the application itself uses, such as TLS. The website only sees the exit node's IP address.
Tor in the Threat Landscape
Tor provides vital anonymity for journalists, whistleblowers, and citizens in oppressive regimes. However, the same anonymity makes it attractive to attackers conducting credential stuffing, account takeover attempts, and fraud. Because Tor exit nodes are publicly listed, they are frequently associated with high-risk traffic and low IP reputation scores.
Detecting Tor Traffic
Unlike VPNs or proxy servers, Tor exit nodes are published in a public directory, which makes identification straightforward in principle. AntiProxies ingests updated Tor exit lists continuously and flags connections originating from Tor exits. This allows your platform to apply risk-appropriate responses, such as requiring additional verification through CAPTCHAs or email verification, without outright blocking all Tor users.
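The check described above can be sketched as follows. This is an added example, not AntiProxies' code: the function names, the two-hour freshness limit and the one-address-per-line list format are assumptions, and the addresses are constructed from documentation ranges. It matches a client address against a loaded exit list, handles IPv4-mapped IPv6 addresses, and returns "step_up" (CAPTCHA or email verification) rather than a block.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample list (assumed format: one address per line, '#' comments).
# Addresses come from documentation ranges, not from real Tor exits.
SAMPLE_EXIT_LIST = """\
# constructed sample list
192.0.2.10
198.51.100.7
2001:db8::42
not-an-ip
"""

MAX_LIST_AGE = timedelta(hours=2)  # assumed refresh policy, tune to your feed


def normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def load_exit_list(text):
    """Return the set of exit addresses, skipping comments and bad lines."""
    exits = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            exits.add(normalize(line))
        except ValueError:
            continue  # one malformed line must not fail the whole load
    return exits


def decide(client_ip, exits, fetched_at, now=None):
    """Return 'step_up' for a Tor exit, 'allow' otherwise, 'unknown' if unsure."""
    now = now or datetime.now(timezone.utc)
    if now - fetched_at > MAX_LIST_AGE:
        return "unknown"  # stale list: rely on other risk signals instead
    try:
        ip = normalize(client_ip)
    except ValueError:
        return "unknown"
    return "step_up" if ip in exits else "allow"
```

Normalizing both the list entries and the client address keeps a dual-stack listener, which reports IPv4 clients as `::ffff:a.b.c.d`, from missing a listed exit.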